364 Idaho Inmates Hacked Their Prison Tablets For Free Credits

According to local Idaho media, 364 inmates across at least five institutions exploited a vulnerability in their prison-issued tablets to assign nearly $225,000 worth of digital credits to their accounts. They were then able to use these credits to buy music and games. Bleeping Computer reports: The hacked tablets have been used at low-security level prisons across the U.S. for a few years now. They've been offered through a partnership between CenturyLink and JPay. Spokespersons for both companies said the vulnerability inmates exploited was identified and fixed. Officials from the Idaho Department of Correction (IDC) said there was no loss of state funds as a result of the hack, as inmates transferred only JPay-managed (fictitious) digital credits to their accounts. Most inmates transferred small amounts of credits to their tablet accounts. JPay said it recovered more than $65,000 worth of digital credits from the 364 inmate accounts. The company has suspended the ability to buy games and music via digital credits on the tablets of offending inmates. Email functionality was left intact, and the company plans to recover the incurred losses.

Re:If it's funny money can we drop the $ signs

[mspohr]

It looks like this whole system is a scam to suck money from the inmates. Probably very high charges for pad rental, email, games, etc. Good to see them striking back to free the system.

Re: Criminals steal stuff. Surprise!

Not even just weak security, try *no* security. Apparently the app that provides the services to the inmates stored both the item prices and the inmates account balance in a SQLite database stored ON THE DEVICE ITSELF, and the app didn't check a central server to verify transactions.

Fucking amateur hour.